> -----Original Message-----
> From: Pekka Savola [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 16, 2006 8:04 AM
> To: Hallam-Baker, Phillip
> Cc: [email protected]; Keith Moore; [email protected];
> [EMAIL PROTECTED]; Jeffrey Hutzelman
> Subject: policy enforcement points and management [RE: Last
> Call: 'NAT Behavioral Requirements for Unicast UDP' to BCP
> (draft-ietf-behave-nat-udp)]
>
> On Mon, 15 May 2006, Hallam-Baker, Phillip wrote:
> >> From: Jeffrey Hutzelman [mailto:[EMAIL PROTECTED]
> >
> >> Sure. But a policy enforcement point must necessarily be configured;
> >> otherwise, how is it going to know what policy to enforce?
> >
> > The policy can be generated automatically from the network
> > configuration and the authorized hosts and applications authorized to
> > run on those hosts.
> ...
>
> I think the discussion about policy enforcement points and
> their management is out of scope for this work.
>
> On the other hand, there is a proposed WG (they had a BoF at the last
> IETF) -- NEA (Network End-point Assessment) which aims to do
> something about this space.
>
> I'd recommend folks interested in it go take a look:
>
> http://www1.ietf.org/mailman/listinfo/nea
>
> --
> Pekka Savola "You each name yourselves king, yet the
> Netcore Oy kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
>
>
Is not NEA dealing with a different set of problems mainly related to
assessing the hardware or software configuration of an endpoint as it
pertains to an organization's security policy for access control
purposes - called 'posture' in the NEA language? I am not sure how this
would apply.
Dan